Critical vulnerabilities in Fortinet FortiSandbox are under exploitation
Critical vulnerabilities in Fortinet FortiSandbox are under exploitation
Publish Date: 2026-06-16 12:07:00
Source Domain: www.cybersecuritydive.com
Researchers are warning that critical vulnerabilities in Fortinet’s FortiSandbox are under exploitation.
Defused, a firm that tracks security vulnerabilities, on Tuesday said three separate flaws in Fortinet FortiSandbox were being exploited by attackers, according to a post on X. FortiSandbox is an AI-powered tool that is used to isolate and analyze malware and zero-day threats.
The first, an operating system command-injection vulnerability tracked as CVE-2026-25089, was patched on June 9. Fortinet said in an advisory that the flaw could allow an unauthenticated attacker to execute commands by using specially crafted HTTP requests.
A second OS command-injection flaw, tracked as CVE-2026-39808, could allow an attacker to execute code or commands by using specially crafted HTTP requests. That vulnerability was originally disclosed in April.
The third flaw is a path-traversal vulnerability, tracked as CVE-2026-39813, that allows an attacker to bypass authentication and launch an attack. It was also disclosed in April.
No info on victims, attackers
Researchers at Defused thus far did not have information on who may be behind the attacks, and there was no information on whether customers were directly impacted or what post-exploitation activity was taking place.
The threat activity marks the latest to face Fortinet in recent months. In April, a critical zero-day flaw in FortiClient Endpoint Management Server was targeted in attacks. The company released an emergency hotfix.
